Adoptable Cookbooks List

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Requirements

Platforms

Chef

Dependent Cookbooks

Attributes

The following attributes affect the behavior of the chef-client program when running as a service through one of the service recipes, or in cron with the cron recipe, or are used in the recipes for various settings that require flexibility.

node['chef_client']['bin'] - Sets the full path to the chef-client binary. Mainly used to set a specific path if multiple versions of chef-client exist on a system or the bin has been installed in a non-sane path. Default "/usr/bin/chef-client".

node['chef_client']['ca_cert_path'] - Sets the full path to the PEM-encoded certificate trust store used by chef-client when daemonized. If not set, default values are used.

node['chef_client']['cron']['minute'] - The minute that chef-client will run as a cron task. See cron recipe

node['chef_client']['cron']['hour'] - The hour that chef-client will run as a cron task. See cron recipe

node['chef_client']['cron']['weekday'] - The weekday that chef-client will run as a cron task. See cron recipe

node['chef_client']['cron']['use_cron_d'] - If true, use the cron_d resource. If false (default), use the cron resource built-in to Chef.

node['chef_client']['cron']['mailto'] - If set, MAILTO env variable is set for cron definition

node['chef_client']['reload_config'] - If true, reload Chef config of current Chef run when client.rb template changes (defaults to true)

node['chef_client']['daemon_options'] - An array of additional options to pass to the chef-client service, empty by default, and must be an array if specified.

node['chef_client']['systemd']['timer'] - If true, uses systemd timer to run chef frequently instead of chef-client daemon mode (defaults to false). This only works on platforms where systemd is installed and used.

node['chef_client']['systemd']['timeout'] - If configured, sets the systemd timeout. This might be useful to avoid stalled chef runs in the systemd timer setup.

node['chef_client']['systemd']['restart'] - The string to use for systemd Restart= value when not running as a timer. Defaults to always. Other possible options: no, on-success, on-failure, on-abnormal, on-watchdog, on-abort.

node['chef_client']['task']['frequency'] - Frequency with which to run the chef-client scheduled task (e.g., 'hourly', 'daily', etc.) Default is 'minute'.

node['chef_client']['task']['start_time'] - The start time for the task in HH:mm format. If the frequency is minute default start time will be Time.now plus the frequency_modifier number of minutes.

node['chef_client']['task']['user'] - The user the scheduled task will run as, defaults to 'SYSTEM'.

node['chef_client']['task']['password'] - The password for the user the scheduled task will run as, defaults to nil because the default user, 'SYSTEM', does not need a password.

The following attributes are set on a per-platform basis, see the attributes/default.rb file for default values.

node['chef_client']['init_style'] - Sets up the client service based on the style of init system to use. Default is based on platform and falls back to 'none'. See service recipes.

node['chef_client']['run_path'] - Directory location where chef-client should write the PID file. Default based on platform, falls back to "/var/run".

node['chef_client']['cache_path'] - Directory location for

Chef::Config[:file_cache_path] where chef-client will cache various files. Default is based on platform, falls back to "/var/chef/cache".

node['chef_client']['backup_path'] - Directory location for Chef::Config[:file_backup_path] where chef-client will backup templates and cookbook files. Default is based on platform, falls back to "/var/chef/backup".

node['chef_client']['launchd_mode'] - (Only for Mac OS X) if set to 'daemon', runs chef-client with -d and -s options; defaults to 'interval'.

When chef_client['log_file'] is set and running on a logrotate supported platform (debian, rhel, fedora family), use the following attributes to tune log rotation.

node['chef_client']['logrotate']['rotate'] - Number of rotated logs to keep on disk, default 12.

This cookbook makes use of attribute-driven configuration with this attribute. See USAGE for examples.

node['chef_client']['config'] - A hash of Chef::Config keys and their values, rendered dynamically in /etc/chef/client.rb.

node['chef_client']['load_gems'] - Hash of gems to load into chef via the client.rb file

node['ohai']['disabled_plugins'] - An array of ohai plugins to disable, empty by default, and must be an array if specified. Ohai 6 plugins should be specified as a string (ie. "dmi"). Ohai 7+ plugins should be specified as a symbol within quotation marks (ie. ":Passwd").

node['ohai']['plugin_path'] - An additional path to load Ohai plugins from. Necessary if you use the ohai_plugin resource in the Ohai cookbook to install your own ohai plugins.

Chef Client Config

node['chef_client']['config']['chef_server_url'] - The URL for the Chef server.

node['chef_client']['config']['validation_client_name'] - The name of the chef-validator key that is used by the chef-client to access the Chef server during the initial chef-client run.

node['chef_client']['config']['verbose_logging'] - Set the log level. Options: true, nil, and false. When this is set to false, notifications about individual resources being processed are suppressed (and are output at the :info logging level). Setting this to false can be useful when a chef-client is run as a daemon. Default value: nil.

node['chef_client']['config']['rubygems_url'] - The location to source rubygems. It can be set to a string or array of strings for URIs to set as rubygems sources. This allows individuals to setup an internal mirror of rubygems for "airgapped" environments. Default value: https://www.rubygems.org.

Recipes

This section describes the recipes in the cookbook and how to use them in your environment.

config

Sets up the /etc/chef/client.rb config file from a template and reloads the configuration for the current chef-client run.

See USAGE for more information on how the configuration is rendered with attributes.

service recipes

The chef-client::service recipe includes one of the chef-client::INIT_STYLE_service recipes based on the attribute, node['chef_client']['init_style']. The individual service recipes can be included directly, too. For example, to use the init scripts, on a node or role's run list:

recipe[chef-client::init_service]

Use this recipe on systems that should have a chef-client daemon running, such as when Knife bootstrap was used to install Chef on a new system.

init - uses the init script included in this cookbook, supported on debian and redhat family distributions.

upstart - uses the upstart job included in this cookbook, supported on ubuntu.

bsd - prints a message about how to update BSD systems to enable the chef-client service.

systemd - sets up the service under systemd. Supported on systemd based distros.

default

Includes the chef-client::service recipe by default on *nix platforms and the task recipe for Windows hosts.

delete_validation

Use this recipe to delete the validation certificate (default /etc/chef/validation.pem) when using a chef-client after the client has been validated and authorized to connect to the server.

cron

Use this recipe to run chef-client as a cron job rather than as a service. The cron job runs after random delay that is between 0 and 90 seconds to ensure that the chef-clients don't attempt to connect to the chef-server at the exact same time. You should set node['chef_client']['init_style'] = 'none' when you use this mode but it is not required.

task

Use this recipe to run chef-client on Windows nodes as a scheduled task. Without modifying attributes the scheduled task will run 30 minutes after the recipe runs, with each chef run rescheduling the run 30 minutes in the future. By default the job runs as the system user. The time period between runs can be modified with the default['chef_client']['task']['frequency_modifier'] attribute and the user can be changed with the default['chef_client']['task']['user'] and default['chef_client']['task']['password'] attributes.

Usage

Use the recipes as described above to configure your systems to run Chef as a service via cron / scheduled task or one of the service management systems supported by the recipes.

The chef-client::config recipe is only required with init style init (default setting for the attribute on debian/redhat family platforms, because the init script doesn't include the pid_file option which is set in the config.

The config recipe is used to dynamically generate the /etc/chef/client.rb config file. The template walks all attributes in node['chef_client']['config'] and writes them out as key:value pairs. The key should be the configuration directive. For example, the following attributes (in a role):

The chef_server_url, node_name and validation_client_name are set by default in the attributes file from Chef::Config. They are presumed to come from the knife bootstrap command when setting up a new node for Chef. To set the node name to the default value (the node['fqdn'] attribute), it can be set false. Be careful when setting this or the Server URL, as those values may already exist.

As another example, to set HTTP proxy configuration settings. By default Chef will not use a proxy.

Configuration Includes

The /etc/chef/client.rb file will include all the configuration files in /etc/chef/client.d/*.rb. To create custom configuration, simply render a file resource with file (and the content parameter), template, remote_file, or cookbook_file. For example, in your own cookbook that requires custom Chef client configuration, create the following cookbook_file resource:

Requiring Gems

Use the load_gems attribute to install gems that need to be required in the client.rb. This attribute should be a hash. The gem will also be installed with chef_gem. For example, suppose we want to use a Chef Handler Gem, chef-handler-updated-resources, which is used in the next heading. Set the attributes, e.g., in a role:

Each key in load_gems is the name of a gem. Each gem hash can have two keys, the require_name which is the string that will be require'd in /etc/chef/client.rb, and version which is the version of the gem to install. If the version is not specified, the latest version will be installed.

The above example will render the following in /etc/chef/client.rb:

["chef/handler/updated_resources"].each do |lib|
begin
require lib
rescue LoadError
Chef::Log.warn "Failed to load #{lib}. This should be resolved after a chef run."
end
end

Start, Report, Exception Handlers

To dynamically render configuration for Start, Report, or Exception handlers, set the following attributes in the config attributes:

If the handler you're using has an initialize method that takes arguments, then pass each one as a member of the array. Otherwise, leave it blank as above.

This will render the following in /etc/chef/client.rb.

report_handlers << SimpleReport::UpdatedResources.new()

Launchd

On Mac OS X and Mac OS X Server, the default service implementation is "launchd".

Since launchd can run a service in interval mode, by default chef-client is not started in daemon mode like on Debian or Ubuntu. Keep this in mind when you look at your process list and check for a running chef process! If you wish to run chef-client in daemon mode, set attribute chef_client.launchd_mode to "daemon".

Installing and updating chef-client

This cookbook does not handle updating the chef-client, as that's out of the cookbook's current scope. To sensibly manage updates of the chef-client's install, we refer you to:

Resources

chef_client_scheduled_task

The chef_client_scheduled_task setups up chef-client to run as a scheduled task. This resource is what the task recipe calls under the hood. You can use this recipe directly when writing a wrapper cookbook. Additionally using this resource directly allows you to control where you store the user credentials instead of storing them as node attributes. This is useful if you want to store these credentials in an encrypted databag.

Actions

add

remove

Properties

user - The username to run the task as. default: 'System'

password, The password of the user to run the task as if not using the System user

frequency - Frequency with which to run the task (e.g., 'hourly', 'daily', etc.) Default is 'minute'

chef_binary_path - The path to the chef-client binary. default: 'C:/opscode/chef/bin/chef-client'

daemon_options - An optional array of extra options to pass to the chef-client

Maintainers

This cookbook is maintained by Chef's Community Cookbook Engineering team. Our goal is to improve cookbook quality and to aid the community in contributing to cookbooks. To learn more about our team, process, and design goals see our team documentation. To learn more about contributing to cookbooks like this see our contributing documentation, or if you have general questions about this cookbook come chat with us in #cookbok-engineering on the Chef Community Slack

License

Copyright: 2010-2017, Chef Software, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

chef-client Cookbook CHANGELOG

This file is used to list changes made in each version of the chef-client cookbook.

9.0.0 (2017-10-23)

Breaking changes

We have removed the previously deprecated support for running chef-client as a Windows service and running under the runit init system on Linux. Windows hosts should run chef-client as a scheduled task which resolves many issues with long running chef-client processes as a service. For Linux users we highly recommend using the native init systems within your distribution as they provide a higher level of platform support, reliability, and logging integration. For both of these changes we will not be including an automatic migration solution as doing so can prove to be problematic for many users. We recommend stopping the existing chef client and then manually running chef client to create the new service or scheduled task. That may be accomplished using knife ssh, push-jobs, or other tooling within your environment.

Other Changes

Add ability to set daemonized SSL trust store

Add attributes for setting chkconfig start and stop time values in sys-v scripts

Setup log rotate on any Linux release not just Amazon, RHEL, Debian and Fedora platform families

In the cron recipe make sure we cleanup the sys-v script and and stop the service on any Linux platform not just Amazon, RHEL, Debian and Fedora platform families

Add ability to set daemonized SSL trust store.

Fix exception when log_level is already a symbol when building the client.rb file

Initialize handler attributes to empty arrays

Add Clear Linux support

Fix loading of the solaris service config

Provide better error messages if the wrong frequency is provided to the scheduled task resource or recipe

Use full file modes in all recipes

Add ability to set frequency modifier on the chef-client Windows task as a string instead of just an integer

Add Travis CI testing of both Chef 12 and 13

Add Windows 2016 and SLES 11 testing to local Test Kitchen

8.1.8 (2017-08-06)

Add testing for Amazon Linux and Debian 9 in Travis and switch all testing to the dokken images

Consolidate duplicate attributes to simplify the attributes file

Remove leftover template file for Arch Linux

Don't use deprecated Ruby exists? method

Move testing to a test recipe that looks more like how a user would write a wrapper cookbook

Move the resource cloning spec recipe into the test recipe so we don't ship it to clients

Remove the metadata for the deprecated windows service

Simplify the platform logic in the init service recipe and expand the specs for this logic

Use resource_name not provides in the scheduled task resource

Remove docs for the pre-Chef 12.4 syslog functionality

Point users to chef_client_updater not omnibus_updater in the docs

8.1.7 (2017-07-13)

Add find_chef_client use to the task recipe so that chef_binary_path is defined.

Update documentation to reflect the rubygems_url usage.

8.1.6 (2017-06-27)

Use node['chef_client']['log_file'] in all recipes and templates

Add new attribute for timing out systemd timer to kill off hung chef-client runs

8.1.5 (2017-06-27)

Multiple improvements to systemd unit behavior of chef-client

stop the timer if timer is disabled

de-dupe env-file path referencing

ensure env file exists before service that references it

restart timer if timer changed

8.1.4 (2017-06-21)

Fix removing the chef-client schedule task

8.1.3 (2017-06-21)

Lazily eval the frequency so an update to interval attribute is respected when setting up a windows scheduled task

7.2.1 (2017-03-29)

Disable chef-client service if it exists in the windows schedule task recipe

Update cron recipe to use shard_seed when available, and node.name when not.

7.2.0 (2017-02-24)

Add a chef_client_scheduled_task custom resource. This is is used by the 'task' recipe, but can also be used directly in a wrapper cookbook. Why would I want to use this? Well when used in a wrapper cookbook you can directly pass the username/password to the resource, thus avoiding node attributes. This means you can store your credentials in any secure method you want.

7.1.0 (2017-01-16)

Fix some poor wording in the readme due to split lines

Remove a debug message in the windows task recipe

Add deprecation warning when using the Runit init system

7.0.3 (2016-12-06)

Fix invalid shell syntax in /etc/init.d script

7.0.2 (2016-12-02)

Document / test setting a custom ohai plugin path

Make log_perm permissions attribute value a string

Avoid warnings during ChefSpec runs

7.0.1 (2016-12-02)

Fixed cron attributes documentation

Fix file modes to be strings

Added SLES support to the readme

Use regex instead of position for service status

7.0.0 (2016-10-25)

Breaking Changes

Remove support for OpenBSD

Remove support for Arch Linux

Other Changes

Document 'weekday' in readme

Adding exception to 5.11 SMF manifest for SmartOS. SmartOS does not have a config milestone

Add chef-client init back for SLES 12

6.0.0 (2016-09-26)

Breaking Changes

Support for Chef 11 has been removed. Chef 12.1 or later is now required

Running chef-client as a service on Windows has been deprecated. The default.rb recipe will now include the task recipe on Windows hosts. The windows_service recipe will be removed in the next major version of this cookbook.

Other Changes

Switch from serverspec to Inspec

Add BSDs to bsd_init to fix cron service

Simplified attributes for Chef 12 - Chef 12 lets us simplify attributes since we don't have to check to see if we can fork and we can assume we know the init type via Ohai

Fix validation recipe to not explode under chef-solo.

Change path for rc.d chef-client script in FreeBSD

Remove wrong rc.d script created by an older version of cookbook

Remove duplication from rc.d script template for FreeBSD

Fix escaping in the Windows task recipe

Allow STDOUT as a valid log location

v5.0.0 (2016-07-29)

This will be the last version of this cookbook that supports Chef 11. If you are still using Chef 11 you will need to pin to < 6.0

v4.3.2 (2015-11-05)

[#347] windows_service updates client.service.rb with log_location path. This accompanies a change the chef-client that will now honor that configuration for windows_service logging. See https://github.com/chef/chef/pull/4135

[#326] prevent duplicate proxy config properties in client.rb

[#345] improved wording around deprecated settings in the readme

Added a chefignore file to limit files being uploaded to the chef server